package cn.jingyuan.swan.admin.web.config;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers("/favicon.ico")
            .antMatchers("/error")
            .antMatchers("/static/**")
            .antMatchers("/resources/**")
            .antMatchers("/webjars/**")
            .antMatchers("/druid/**")
        ;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable();

        http
            .cors().disable();

        http.headers()
            // 允许 iframe 嵌套
            .frameOptions().disable();

        // 启用HTTP-Basic支持。这是 Spring Boot Admin Client 注册所必需的
        http.httpBasic();

        // 配置登录和注销
        http.formLogin()
            .loginPage("/login").permitAll();

        http.logout()
            .logoutUrl("/logout").permitAll();

        http.authorizeRequests()
            // 指定监控可访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .antMatchers("/assets/**").permitAll()
            .anyRequest().authenticated();
    }

}
